Re: cvs security - ssh vs pserver?

[Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu>]

* martin f krafft (madduck@madduck.net) spake thusly:
...
> that's a good point. you can either generate a keypair on the server
> and distribute the private key to multiple people, or you can create a
> keypair per user and add all those public keys to authorized_keys(2).
> there is no question that the second method is better. in fact, the
> first one SUCKS and should not be used. 

Bull. Give me one reason why it sucks. It's the way of giving them
anonymous cvs access without too much hassle. Or do you believe
that letting them have *a private key* is bad because it's called
"private"? It's just a word, you know...

...with the second method, you
> have more administrative overhead, but you can also just simply take
> privileges away from a single user without anyone else having to worry
> or changing passwords or getting a new identity or this or that.

Yes, and you also have one to one key->user map, so the setup is
not anonymous. Which may not be a good thing.

Dima
-- 
The wombat is a mixture of chalk and clay used for respiration.      -- MegaHal